In today's world of information storage, there are many circumstances wherein information must be securely stored and used. For example, many merchants and service providers accept credit cards for the payment of goods and services they sell. In order to accept a credit card for payment, a merchant or service provider will record a purchaser's credit card number along with other information, and submit the number and information for payment to the issuer of the credit card, such as Visa. In many cases this information is encrypted due to the sensitivity of the information and the threat of a third-party illegally obtaining the information, e.g., a hacker breaking into a merchant's computer system and illegally copying this information.
In addition, major credit card companies have developed guidelines to help merchant and service providers prevent credit card fraud, hacking, and various other security issues. These guidelines are known as the Payment Card Industry Data Security Standard (PCI DSS). Therefore, any merchant or service provider processing, storing, or transmitting credit card numbers must adhere to these standards or risk losing the ability to process credit card payments. These guidelines involve twelve requirements for compliance. For example, the guidelines require that any cardholder data stored must be protected. In addition, any transmission of cardholder data across open, public networks must be encrypted.
Encryption can be a complex process that involves encrypting and decrypting the cardholder data through the use of tools such as asymmetric-keys. For example, in public-key cryptography the encryption process involves using two keys, i.e., a public-key and a private key. The public key may be freely distributed, while its paired private key is kept secret. Typically, the public key is used for encrypting the data while the private key is used for decrypting the data. Therefore, these keys must be maintained and securely stored. Thus, every time a merchant or service provider transmits cardholder data, they must perform this encryption and decryption process. This can lead to inefficient processing of credit card payments.
As a result, a need exists in the art to better utilize sensitive information, yet minimize the transferring of such information. Such an improvement will also lead to better efficiency because the need for encrypting and decrypting will be reduced to use such information.